yarp | Yet another registry parser

There was a breaking changes in v1.0.0-preview11 for the way Routes are configured. You need to update your setting.

I managed to track down the cause and fix it.

1. Microsoft.AspNetCore.Authentication.JwtBearer actually makes not 1 but 2 calls to IdentityServer4: one to /.well-known/openid-configuration to get the configuration and then a call to the endpoint returned in jwks_uriof the previous response. The first call was to a localhost:port endpoint using the self signed certificate and working normally but the 2nd was to a realdomain endpoint using the Let's Encrypt certificate and failing with the error in the OP.
2. The Let's Encrypt certificate had an expired certificate in the chain: it was using DST Root CA X3 instead of ISRG Root X1 (more info here: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/)

This can be achieved by changing the IdentityServer4 origin in Startup.cs:

I thought the answer is No

Is there a way to configure Ocelot in the gateway so that it will Challenge the caller if necessary receive Windows Authentication information and pass it on to the microservices?

The problem is Windows Authentication is stateful, server and client are in the same Active Directory , you can find the note in .NET Core Windows Authentication

Windows Authentication is a stateful scenario primarily used in an intranet, where a proxy or load balancer doesn't usually handle traffic between clients and servers.

Microservices architecture requires a stateless instead stateful (means the server and client are in different AD/OS/Network). And Gateway is a stateless component in Microservices picture.

The only way Ocelot can authenticate Windows User is using Active Directory Federated Services (ADFS) with OpenID Connect (OIDC) or constructing Identity Server in the IIS Server by yourself. You can read the scenario in ADFS or Azure AD for more details.

Beside, there are my answers for two following questions:

1. No, Ocelot just provides the add-in feature to detect which claims of JWT must be included before it allows the request to go through downstream. You can build the custom Authentication/Authorization middleware to allow/deny the correct upstream.
2. No, YARP is the same meaning of Ocelot in your requirement.

Welcome to Vim!

I think most new vim users have been there. I certainly have! I wanted a 'vim as python IDE' and copied a whole bunch of stuff from every blog under the sun into my vimrc almost immediately after installing vim.

After some time spent fighting with all the settings, plugins and remaps I didn't understand, I decided to go through my vimrc, line by line and comment out anything I didn't understand (nearly all of it).

Then I used this more minimal vim for a while and whenever I decided I had a need for a certain feature, I checked the largely commented vimrc for anything that looked related, and/or googled for that particular feature only. Often you find that there is a built in method to do it with the core vim commands, and if not, then there are a lot of solutions for the problem (and often, you find that there is an even more powerful way that didn't occur to you - these are good days).

But the key is to not try and coerce vim into a huge IDE overnight! Let it happen gradually and things will make more sense, and you'll end up with a vimrc that you understand and therefore be in a position to add to it and tweak it.

The last thing I'll say is to recommend the following books:
'Learn VimScript the Hard Way' by Steve Losh
'Practical Vim' by Drew Neil, and his accompanying screencast series.
(Also there is The Primagean who does high quality youtube tutorials)

Having said all that, and acknowledging that an objective answer can't be given for your question, here is a minimal vimrc which has a few plugins and settings that do simple but very useful things (but do read up on them to understand how they work!):

You can use yarp::os::Bottle::size().

Both errors come from the same issue: